<?php
/**
 * 系統名稱: Lotto 系統
 * 檔案說明: 專案管理-修改
 * $Author$
 * $Id$
 *
 */

 /*********************************************
傳入參數
Account：帳號
Password：密碼
***********************************************/
/*$arrIP = split(",", $_SERVER["HTTP_X_FORWARDED_FOR"]);
$IP = ($arrIP[0] != "")?$arrIP[0]:$_SERVER["REMOTE_ADDR"];
if($IP != "220.132.101.76" && $IP != "218.210.10.192"){
	print $IP;
	exit("現在在做系統調整，<br />18:00 重新開放 ，請稍後！不便之處請見諒！");
}*/
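// Bootstrap for the admin login handler: open the session, then load the
// configuration, language strings, database connection and helper libraries.
// NOTE(review): session_start() runs with whatever cookie settings php.ini
// provides; confirm the session cookie is issued HttpOnly (and Secure where
// the site is served over TLS).
session_start();
$_LangPath = "login_admin";	// language-file selector; must be set before anything else
$_DBSite = "Query";

include_once("../config.inc.php");
include_once(__Language_Path."/selectlanguage_admin.php");
include_once(__DBConnect_File);
include_once(__Modules_Path."/LogRecord.lib.php");
// UserSessions.lib.php was listed twice; include_once made the second line a no-op.
include_once(__Modules_Path."/UserSessions.lib.php");
include_once(__Modules_Path."/Login.lib.php");
include_once(__Common_Path."/SysParam.inc.php");
// Optional file: @ hides the warning when it is absent.
@include_once(__Root_Path."/web.inc.php");
// $_data is not defined in this file; presumably it is the request-parameter
// array built by config.inc.php (confirm). Both values are therefore treated
// as client-controlled wherever they are used below.
$strRedirect = trim($_data["Redirect"]);
$strRdHttpHost = trim($_data["RdHttpHost"]);

// Optional virtual-host table; loaded only when the file exists.
$strFileVFD = __Common_Path."/VirtualHostForDirector.inc.php";
if(file_exists($strFileVFD))include($strFileVFD);

// Key is quoted: the bare word ForceChangePWDDays was an undefined constant,
// which old PHP silently turned into this same string (with a notice) and
// PHP 8 rejects with an Error. The reader of this value later in the file
// already uses the quoted form.
$_KSysParam["ForceChangePWDDays"] = 60;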
/**
 * Report whether a submitted value contains a character from the login denylist.
 *
 * Despite the name, the result is TRUE when the value is NOT acceptable; the
 * caller rejects the login attempt on a true return.
 *
 * The denylist is the four characters % ' # and `. It is a coarse input filter
 * only: passing it does not make a value safe to place inside an SQL string
 * (backslash and double quote, for example, are not on the list), so any query
 * built from a checked value still needs escaping or bound parameters.
 *
 * @param string $strWorld Value to inspect; taken by reference but never modified.
 * @return bool true if a denylisted character is present, false otherwise.
 */
function isValid(&$strWorld){
	// strpbrk() returns the tail of the string starting at the first listed
	// character, or false when none occurs; the tail always begins with one of
	// the four characters, so the boolean cast is true exactly when one is found.
	return (bool)strpbrk($strWorld, "%'#`");
}
//===========================================================================//
// Pre-authentication gates. Every branch that calls ErrMsgOutputHTML() relies
// on that helper ending the request (presumably what the third argument 1
// requests; confirm), otherwise execution would fall through to the next check.
//
// Failed-login limit: more than the permitted 3 failures.
// NOTE(review): the counter lives in $_SESSION, so it only throttles a client
// that keeps presenting the same session cookie. A per-account or per-address
// counter kept server-side would be needed for the limit to hold generally.
// NOTE(review): the message says three failures while the test is "> 3".
if($_SESSION["Admin_LoginErrNo"] > 3){
	$GLOBALS["errormessage"] = $_strLogin["LoginOver3"];	// "You have failed to log in three times; please try again in half an hour!"
	ErrMsgOutputHTML("LoginError", "", 1);
}

// Wait window after an "account in use" result: refuse while the stored
// ExistUserCheckTime is still in the future and the same account is submitted.
// $_SESSION["Admin_Info"] may not exist yet on a first visit; the property
// reads then yield null and the condition is false.
if(time() <= $_SESSION["Admin_Info"] -> ExistUserCheckTime && $_SESSION["Admin_Info"] -> Account == $_data["Account"]){
	$GLOBALS["errormessage"] = $_strLogin["isUsed"];	// "Please wait three minutes before trying to log in again!"
	ErrMsgOutputHTML("LoginError", "", 1);
}
//===========================================================================//
// Normalise the submitted credentials.
$_data["Account"] = trim($_data["Account"]);
$_data["Password"] = trim($_data["Password"]);
// Account identical to password (which includes both being empty): send the
// client to the member game page without counting a failure or writing a log
// entry. NOTE(review): the reason for this shortcut is not visible here; confirm.
if($_data["Account"] == $_data["Password"]){
	header("Location: /member/game/game.php");
	exit();
}

// Denylist check: isValid() returns true when a rejected character is present.
// NOTE(review): the submitted password is passed to AddLogin_Log(); if that
// helper persists its arguments, the login log will hold passwords and
// near-miss passwords in clear text. Confirm, and log the account name only.
if(isValid($_data["Account"]) || isValid($_data["Password"])){
	$_SESSION["Admin_LoginErrNo"]++;
	AddLogin_Log($_data["Account"], $_data["Password"], -10);
	$GLOBALS["errormessage"] = $_strLogin["ID&PWD_Err"]."<br />".$_SESSION["Admin_LoginErrNo"]." times!!";	// "Account or password incorrect; please log in again!"
	ErrMsgOutputHTML("LoginError", "", 1);
}

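// Look up the account row; rows with MemberGroup = 1 are excluded from this
// login path. The account name is escaped for the connection before it is
// placed inside the quoted SQL literal: the character denylist applied earlier
// is an input filter, not an SQL escaping step. The password is not part of
// the query; it is compared in PHP below.
$_strSQL = "select * from `bet_Member` where MemberGroup != 1 and Account = '".mysql_real_escape_string($_data["Account"], $$_Conn)."' limit 0,1";
// Query failed: treated like a wrong account/password so the response does not
// reveal a database problem.
// NOTE(review): every AddLogin_Log() call in this block receives the submitted
// password; confirm the helper does not store it.
if(!$RS = @PMA_mysql_query($_strSQL, $$_Conn)){
	$_SESSION["Admin_LoginErrNo"]++;
	AddLogin_Log($_data["Account"], $_data["Password"], 0);
	$GLOBALS["errormessage"] = $_strLogin["ID&PWD_Err"]."<br />".$_SESSION["Admin_LoginErrNo"]." times!!";	// "Account or password incorrect; please log in again!"
	ErrMsgOutputHTML("LoginError", "", 1);
}

// No such account.
if(PMA_mysql_num_rows($RS) == 0){
	// Same account == password shortcut as before the query; normally that
	// earlier test has already ended the request.
	if($_data["Account"] == $_data["Password"]){
		header("Location: /member/game/game.php");
		exit();
	}
	$_SESSION["Admin_LoginErrNo"]++;
	@mysql_free_result($RS);
	AddLogin_Log($_data["Account"], $_data["Password"], 0);
	$GLOBALS["errormessage"] = $_strLogin["ID&PWD_Err"]."<br />".$_SESSION["Admin_LoginErrNo"]." times!!";	// "Account or password incorrect; please log in again!"
	ErrMsgOutputHTML("LoginError", "", 1);
}

$objAdmin = PMA_mysql_fetch_object($RS);
@mysql_free_result($RS);
// The stored Password column is compared directly with the submitted text.
// NOTE(review): this implies the column holds the password in the same form the
// client sends it (clear text unless it is hashed before submission; confirm).
// Moving to password_hash()/password_verify() needs a data migration and is
// outside this block. The comparison is also not constant-time.
if($objAdmin -> Password !== $_data["Password"]){
	$_SESSION["Admin_LoginErrNo"]++;
	// The result set was already released above; the second free was redundant.
	AddLogin_Log($_data["Account"], $_data["Password"], 0);
	$GLOBALS["errormessage"] = $_strLogin["ID&PWD_Err"]."<br />".$_SESSION["Admin_LoginErrNo"]." times!!";	// "Account or password incorrect; please log in again!"
	ErrMsgOutputHTML("LoginError", "", 1);
}

// Account disabled.
if($objAdmin -> isLock == '1'){
	AddLogin_Log($_data["Account"], $_data["Password"], -1);
	$GLOBALS["errormessage"] = $_strLogin["NoPower"];	// "Your account has been disabled!"
	ErrMsgOutputHTML("LoginError", "", 1);
}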


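// Sub-accounts (MemberGroup 4 and 11-14): the parent row decides whether the
// login may proceed. A locked parent, a failed lookup or a missing parent row
// all end in the "account disabled" response.
switch($objAdmin -> MemberGroup){
	case 4:
	case 11:
	case 12:
	case 13:
	case 14:
		// ParentID is cast so that only an integer can reach the SQL text.
		$strSQL = "select ID, DirectorID , isLock, isAllAccount from `bet_Member` where ID = ".(int)$objAdmin -> ParentID;
		$SubRS = PMA_mysql_query($strSQL, $$_Conn);
		if(!$SubRS || PMA_mysql_num_rows($SubRS) == 0){
			// Fail closed. Previously these two cases set $isLock = 1 and then
			// left the switch with break, which skipped the denial below, so a
			// sub-account whose parent could not be read was let through.
			$isLock = 1;
		}else{
			$SubRows = PMA_mysql_fetch_object($SubRS);
			$isLock = (int)$SubRows -> isLock;
			if($objAdmin -> MemberGroup != 4){
				// Groups 11-14 take these settings from the parent row.
				$objAdmin -> isAllAccount = $SubRows -> isAllAccount;
				$objAdmin -> DirectorID = $SubRows -> DirectorID;
				// For group 14 the parent row itself is used as the director.
				if($objAdmin -> MemberGroup == 14)$objAdmin -> DirectorID = $SubRows -> ID;
			}else{
				// Group 4 keeps its own flag; the parent's value is stored separately.
				$ParentisAllAccount = $SubRows -> isAllAccount;
			}
		}
		if($isLock == 1){
			// NOTE(review): the submitted password is passed to the log helper; confirm it is not stored.
			AddLogin_Log($_data["Account"], $_data["Password"], -1);
			$GLOBALS["errormessage"] = $_strLogin["NoPower"];	// "Your account has been disabled!"
			ErrMsgOutputHTML("LoginError", "", 1);
		}
		break;
}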

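// Accounts outside the site-administrator groups (MemberGroup < 30) are bound
// to host names: the login is accepted only when the requested host maps to
// the account's director in $_arrGLink.
// $_arrGLink is not defined in this file; presumably it comes from one of the
// included configuration files (confirm). When it is empty or missing the
// binding is not enforced at all.
if($objAdmin -> MemberGroup < 30){
	if(sizeof($_arrGLink) > 0){
		// Group 5 accounts are their own director; everyone else uses DirectorID.
		$intDtID = ($objAdmin -> MemberGroup == 5)?$objAdmin -> ID:$objAdmin -> DirectorID;
		// HTTP_HOST is the client-supplied Host header. It is used only as a
		// lookup key (lower-cased, dots replaced by underscores), so an
		// unknown value simply fails the lookup.
		$strHost = strtolower($_SERVER["HTTP_HOST"]);
		$strHost = str_replace(".", "_", $strHost);

		// The failure branches used to print the Host header, the configured
		// domain and the complete $_arrGLink table into an HTML comment in the
		// response. That handed the host-to-director mapping to the client and
		// echoed the header unescaped, so the output has been removed; write
		// such diagnostics to a server-side log if they are still needed.
		if(!is_array($_arrGLink[$strHost])){
			$GLOBALS["errormessage"] = $_strLogin["ID&PWD_Err"];	// "Account or password incorrect; please log in again!"
			ErrMsgOutputHTML("Error", "", 1);
		}

		if(!in_array((int)$intDtID, $_arrGLink[$strHost])){
			// NOTE(review): the submitted password is passed to the log helper; confirm it is not stored.
			AddLogin_Log($_data["Account"], $_data["Password"], 5);
			$title = $_strLogin["Err"];
			$GLOBALS["errormessage"] = $_strLogin["ID&PWD_Err"];	// "Account or password incorrect; please log in again!"
			$isRedirectIndex = "y";
			ErrMsgOutputHTML("LoginError", "", 1);
		}
	}
}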
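//===========================================================================//
// Cross-host hand-off: when the requested host has an entry in $arrRLink, the
// browser is redirected to the same login script on the mapped host, which
// repeats the login with Redirect=y so that it is not redirected again.
// Redirect is a request parameter, so it is a routing hint only; the credential
// checks above run on both hosts regardless of its value.
if($strRedirect != "y"){
	if(file_exists(__Common_Path."/RedirectLink.inc.php"))include(__Common_Path."/RedirectLink.inc.php");
	if($arrRLink[$_SERVER["HTTP_HOST"]] != ""){
		// Each value is URL-encoded: unencoded, a password containing
		// characters such as & + = or a space arrived altered on the target
		// host and the second login failed.
		// NOTE(review): the account and clear-text password travel in the query
		// string of a plain http:// URL, so they end up in browser history,
		// proxy and web-server access logs and possibly Referer headers.
		// Replacing this with a short-lived single-use token issued here and
		// redeemed by the target host requires changes on both sides and is
		// not attempted in this block.
		$strRLink = "http://".$arrRLink[$_SERVER["HTTP_HOST"]]."/k_admin/login_admin.php?Redirect=y"
			."&Account=".urlencode($_data["Account"])
			."&Password=".urlencode($_data["Password"])
			."&lang=".urlencode($_SESSION["Admin_LanguageNo"])
			."&RdHttpHost=".urlencode($_SERVER["HTTP_HOST"]);
		$_SESSION["RdHttpHost"] = "";
		header("location: ".$strRLink);
		exit();
	}
}
// RdHttpHost is taken from the request and stored as received; any code that
// later reads it from the session should treat it as untrusted.
$_SESSION["RdHttpHost"] = $strRdHttpHost;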


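// Per-login token, stored in the Admin_CKey cookie and in the session. How it
// is checked on later requests is not visible in this file.
// The random part was md5(time() + mt_rand(0, 10000)): at most 10001 candidates
// for a known login second, which is guessable. It is now 16 bytes from a
// CSPRNG, hex-encoded so the token keeps the "<ID>_<32 hex characters>" shape.
if(function_exists("random_bytes")){
	$strRand = bin2hex(random_bytes(16));
}elseif(function_exists("openssl_random_pseudo_bytes")){
	$strRand = bin2hex(openssl_random_pseudo_bytes(16));
}else{
	// Last resort for runtimes with neither source: the previous derivation.
	$strRand = md5(time() + mt_rand(0, 10000));
}
$strCKey = $objAdmin -> ID."_".$strRand;
// NOTE(review): the cookie is set without HttpOnly or Secure flags and with the
// default path; confirm whether client-side script reads it before tightening.
setcookie("Admin_CKey", $strCKey);

// NOTE(review): the session id is not regenerated after a successful login.
// session_regenerate_id(true) is the usual session-fixation mitigation, but the
// id is handed to UserSessions_Exist()/UserSession_Start() later in this
// script, so confirm how those helpers key on it before adding the call.
// NOTE(review): $_SESSION["Admin_LoginErrNo"], the counter used by the
// failed-login limit, is not reset here; only the LoginErrNo field is zeroed.

// Replace any previous Admin_Info with a fresh object built from the account row.
$_SESSION["Admin_Info"] = (object)array();
$_SESSION["Admin_Info"] -> CKey = $strCKey;
$_SESSION["Admin_Info"] -> LoginErrNo = 0;
$_SESSION["Admin_Info"] -> ID = $objAdmin -> ID;
$_SESSION["Admin_Info"] -> Account = $objAdmin -> Account;
$_SESSION["Admin_Info"] -> Name = $objAdmin -> Name;
$_SESSION["Admin_Info"] -> MemberGroup = $objAdmin -> MemberGroup;
$_SESSION["Admin_Info"] -> isBetList = $objAdmin -> isBetList;
$_SESSION["Admin_Info"] -> isAgency = $objAdmin -> isAgency;
$_SESSION["Admin_Info"] -> isChangePWD = $objAdmin -> isChangePWD;
$_SESSION["Admin_Info"] -> ParentID = $objAdmin -> ParentID;
$_SESSION["Admin_Info"] -> isAllAccount = $objAdmin -> isAllAccount;
$_SESSION["Admin_Info"] -> isAllowMaxRate = $objAdmin -> isAllowMaxRate;
// Only assigned earlier for MemberGroup 4; null for every other group.
$_SESSION["Admin_Info"] -> ParentisAllAccount = isset($ParentisAllAccount) ? $ParentisAllAccount : null;
$_SESSION["Admin_Info"] -> isSupple = $objAdmin -> isSupple;
$_SESSION["Admin_Info"] -> isLock = $objAdmin -> isLock;
$_SESSION["Admin_Info"] -> SpGroup = $objAdmin -> SpGroup;
$_SESSION["Admin_Info"] -> DirectorID = $objAdmin -> DirectorID;
// Client-supplied Host header, stored as received.
$_SESSION["Admin_Info"] -> DomainName = $_SERVER["HTTP_HOST"];
$_SESSION["Admin_Info"] -> SkypeAcc = $objAdmin -> SkypeAcc;
$_SESSION["Admin_Info"] -> Email = $objAdmin -> Email;
$_SESSION["Admin_Info"] -> MPhone = $objAdmin -> MPhone;
$_SESSION["Admin_Info"] -> MSN = $objAdmin -> MSN;
$_SESSION["Admin_Info"] -> QQNum = $objAdmin -> QQNum;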

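// Ancestor-ID string for this account. $_strTmp currently has no reader in
// this file: its only consumer is the disabled assignment below.
$_strTmp = GetStringParentID($objAdmin -> ParentID);
$_strTmp = ($_strTmp != ",")?",".$_strTmp:"";
//$_SESSION["Admin_Info"] -> strParentID = $objAdmin -> ID.",".$objAdmin -> ParentID.$_strTmp;	// own ID, parent ID and ancestor IDs joined into one string

// Date on which the current password expires: the last change date plus
// ForceChangePWDDays. mktime() normalises the overflowing day number.
// explode() replaces split(), which was deprecated in PHP 5.3 and removed in
// PHP 7; for the literal "-" separator the result is the same. The parts are
// cast to int so a trailing time component or an empty field cannot reach
// mktime() as a non-numeric string.
$arrDate = explode("-", $objAdmin -> ChangePWDDate);
$ChangePWDDate = date("Y-m-d", mktime(0,0,0,(int)$arrDate[1],((int)$arrDate[2]+$_KSysParam["ForceChangePWDDays"]),(int)$arrDate[0]));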

// Load the display name and permission data for the account's group.
// NOTE(review): $_intLang is concatenated into a column name and is not defined
// in this file (presumably set by the language include; confirm). Escaping
// functions do not protect identifiers, so confirm it can only take values
// from a fixed list. MemberGroup comes from the account row loaded earlier.
$_strSQL = "select GroupName_".$_intLang." as GroupName, ProgramID, ProgramPower from `bet_MemberGroup` where ID = ".$objAdmin -> MemberGroup." limit 0,1";

// Group lookup failed.
// NOTE(review): errorhidden carries the database error, the full SQL text and
// the script path; confirm ErrMsgOutputHTML() never sends it to the browser.
if(!$RS = @PMA_mysql_query($_strSQL, $$_Conn)){
	$GLOBALS["errormessage"] = $_strLogin["ErrGroup"];  // "Unable to identify your role!"
	$GLOBALS["errorhidden"] = "\nErr: ".PMA_mysql_error($$_Conn).",\nSQL: ".$_strSQL.",\nLine: ".__LINE__.",\nPage: ".__FILE__;
	ErrMsgOutputHTML("LoginError", "", 1);
}

// Group does not exist.
if(PMA_mysql_num_rows($RS) == 0){
	$GLOBALS["errormessage"] = $_strLogin["ErrGroup"];  // "Unable to identify your role!"
	$GLOBALS["errorhidden"] = "\nErr: ".PMA_mysql_error($$_Conn).",\nSQL: ".$_strSQL.",\nLine: ".__LINE__.",\nPage: ".__FILE__;
	ErrMsgOutputHTML("LoginError", "", 1);
}

// Store the group information in the session.
$objGroup = PMA_mysql_fetch_object($RS);
$_SESSION["Admin_Info"] -> GroupName = $objGroup -> GroupName;
$_SESSION["Admin_Info"] -> ProgramID = $objGroup -> ProgramID;
// ProgramPower is kept lower-cased; the marker removed below is matched in that form.
$_SESSION["Admin_Info"] -> ProgramPower = strtolower($objGroup -> ProgramPower);
// Group 2 accounts without the isBetList flag lose the "betnowlist" entry.
if($_SESSION["Admin_Info"] -> isBetList == 0 && $_SESSION["Admin_Info"] -> MemberGroup == 2){
	$_SESSION["Admin_Info"] -> ProgramPower = str_replace("<!--betnowlist start-->sub<!--betnowlist end-->", "", $_SESSION["Admin_Info"] -> ProgramPower);
}

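// Is this user already present on the site? UserSessions_Exist() is defined
// elsewhere; judging by the message shown, a true result means the account is
// in use by another session.
if(UserSessions_Exist(session_id(), $_SESSION["Admin_Info"] -> ID, $_SESSION["Admin_Info"] -> MemberGroup)){
	AddLogin_Log($_data["Account"], $_data["Password"], 2);
	// Key is quoted: the bare word isLimitManagerLoginWaitTime was an undefined
	// constant, which old PHP silently turned into this same string (with a
	// notice) and PHP 8 rejects with an Error.
	$GLOBALS["errormessage"] = str_replace("{Mins}", $_KSysParam["isLimitManagerLoginWaitTime"], $_strLogin["isUsed"]);	// "Your account is currently in use by someone else!"
	ErrMsgOutputHTML("LoginError", "", 1);
}

$_SESSION["Admin_Info"] -> ExistUserCheckTime = 0;
// Record the session; a false result aborts the login.
$intSID = UserSession_Start(session_id(), $_SESSION["Admin_Info"] -> ID, $_SESSION["Admin_Info"] -> MemberGroup, 0, 0, 0, 0);
if($intSID === false)ErrMsgOutputHTML("LoginError", "", 1);

// Log the successful login.
// NOTE(review): the password passed here has just been verified as correct. If
// AddLogin_Log() stores its arguments, the log table holds working credentials;
// confirm, and pass the account name only.
AddLogin_Log($_data["Account"], $_data["Password"], 1);

@mysql_close($$_Conn);
// Forced password change: when the system setting is on and the expiry date
// has passed, send the user to the change-password page. Both dates are
// "Y-m-d" strings, so the string comparison orders them chronologically.
if($_KSysParam["isForceChangePWD"] == 1 && date("Y-m-d") > $ChangePWDDate){
	header("Location: /k_admin/UserCredit/user_password.php?Force=Yes");
	exit();
}else{
	$_SESSION["Admin_Info"] -> isForceChangePWD = 0;
	// The value returned by UserSession_Start() is placed in the URL as sid.
	// NOTE(review): confirm it is not accepted as proof of login on its own.
	header("Location: admin.php?sid=".$intSID);
	exit();
}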
?>